Program Terms

Participation in the Bitdefender Bug Bounty Reward program is voluntary and subject to the legal terms and conditions detailed on Terms and Conditions page. By submitting a vulnerability report to Bitdefender, you acknowledge that you have read and agreed to our program terms.

Submission process

We prefer PGP and you can import our public key from here. Make sure your report includes:

A clear and relevant title

Affected product / service

Vulnerability details and impact

Reproduction steps / Proof of Concept

Rewards

There is no fixed price for submissions. They will all be evaluated and rewards will be issued based on impact. Obviously an XSS submission will value less than RCE.

The minimum reward is set at $100. We’re not setting an upper limit on rewards at this time. The rewards will be issued if you are the first one to submit a specific vulnerability and your report is determined to address a valid issue by our response team.

IMPORTANT

This program is open to participants worldwide, excluding locations where prohibited by law, who have reached the age of majority in his/her country, province or territory of residence.

Participants are responsible for any tax implications depending on the country of residency and citizenship. There may be additional restrictions on a participant’s ability to enter the program, depending upon local law.

Determining the validity and value of a submission lies exclusively with our team. We trust you to tinker with our technologies and you’ll have to trust us to be fair in our evaluation.

When does it start?
The Bitdefender Bug Bounty Program opens on 10th December 2015.